#StackBounty: #apache-2.2 #apache-2.4 #reverse-proxy #mod-rewrite #proxypass apache rewriterule and proxypass 404 issue

Bounty: 50

I’m trying to set up group access to certain urls on my reverse proxy gateway. The previous questions that combine proxypass and mod_rewrite do so not for the reasons that I am doing so. I am combining them because I am trying to force an internal redirect (so I can see the HTTP headers.. This is because mod_rewrite cannot see the headers that I want unless I do an internal redirect). (This is a must, unfortunately)

If I remove the rewrite lines, the proxy works as expected (it’s serving the files correctly). However, the group access is not being enforced.

<VirtualHost *:*>
    ServerName mysubdomain.mydomain.com
    SSLProxyEngine on
    
    #I'm not an apache sys-admin professional so I'm not sure if any of these are necessary
    ProxyPreserveHost On
    ProxyRequests Off
    AllowEncodedSlashes On

    <Location /mypath>
        #this AuthType is what gets the HTTP header that I want (GROUPS)
        AuthType MyApacheAgt
        Order Deny,Allow
        Deny from all
        Allow from all

        RewriteEngine On
        RewriteCond %{ENV:REDIRECT_PASS} !1
        RewriteRule ^(.*)$ /$1 [L,E=PASS:1,PT]
        RewriteCond %{HTTP:GROUPS} !^.*some-group-to-match-to.*$
        RewriteRule ^(.*)$ /$1 [L,R=403,PT]

        ProxyPass        http://my-proxied-webserver.mydomain:8080/mypath disablereuse=On retry=0 nocanon
        ProxyPassReverse http://my-proxied-webserver.mydomain:8080/mypath
    </Location>

</VirtualHost>
        

From my apache logs, I see that I’m getting:

[pid 9:tid 140131688048384] [client XX] AH00128: File does not exist: /var/www/html/proxy:http:/my-proxied-webserver.mydomain:8020/mypath

One thing that alarms me is that there is only one / in the proxied url in the error log. Is this normal?

I am using apache 2.4 (and would prefer 2.4, but most 2.2 can be converted over)

Would it be simpler to merge the rewriterules and the proxy lines (if this is possible?)


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.